Abstract

We study the collection of group structures that can be realized
as a group of rational points on an elliptic curve over a finite field 
(such groups are well known to be of rank at most two). We also 
study various subsets of this collection which correspond to curves 
over prime fields or to curves with a prescribed torsion. Some of 
our results are rigorous and are based on recent advances in analytic 
number theory, some are conditional under certain widely believed 
conjectures, and others are purely heuristic in nature. 
1 Introduction

Let $\mathbb{F}_q$ denote the finite field with $q$ elements. It is well known that the group $E(\mathbb{F}_q)$ of points on an elliptic curve $E$ defined over $\mathbb{F}_q$ has rank at most two, and therefore,

$$E(\mathbb{F}_q) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn} \qquad (1)$$

for some natural numbers $n$ and $k$, where $\mathbb{Z}_m$ denotes the ring of congruence classes modulo $m$ for each natural number $m$; see [71 [131 ED ES]. On the other hand, little is known about the structure of the set of groups $\mathbb{Z}_n \times \mathbb{Z}_{kn}$ that can be realized as the group of points on an elliptic curve defined over a finite field. For this reason, we introduce and investigate the set

$$\mathcal{S}_\Pi = \{(n,k) \in \mathbb{N}^2 : \exists \text{ prime power } q \text{ and } E/\mathbb{F}_q \text{ with } E(\mathbb{F}_q) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}\}.$$

We are also interested in groups $\mathbb{Z}_n \times \mathbb{Z}_{kn}$ with a realization (1) in which $q = p$ is a prime number, hence we study the subset $\mathcal{S}_\pi \subset \mathcal{S}_\Pi$ defined by

$$\mathcal{S}_\pi = \{(n,k) \in \mathbb{N}^2 : \exists \text{ prime } p \text{ and } E/\mathbb{F}_p \text{ with } E(\mathbb{F}_p) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}\}.$$

Although one can expect $\mathcal{S}_\pi$ and $\mathcal{S}_\Pi$ to be reasonably "dense" in $\mathbb{N}^2$, the complementary sets also appear to be rather large. For example, here is the list of pairs $(n,k) \notin \mathcal{S}_\Pi$ with $n, k \le 25$:

(11,1), (11,14), (13,6), (13,25), (15,4), 
(19, 7), (19, 10), (19, 14), (19, 15), (19, 18), (2) 
(21, 18), (23, 1), (23, 5), (23, 8), (23, 19), (25, 5), (25, 14). 

To investigate the distribution in $\mathbb{N}^2$ of the elements of $\mathcal{S}_\pi$ and of $\mathcal{S}_\Pi$, for natural numbers $N$ and $K$ we introduce the sets

$$\mathcal{S}_\pi(N,K) = \{(n,k) \in \mathcal{S}_\pi : n \le N,\ k \le K\},$$
$$\mathcal{S}_\Pi(N,K) = \{(n,k) \in \mathcal{S}_\Pi : n \le N,\ k \le K\}.$$

These sets are the main objects of study in this note.
For natural numbers $n$ and $k$, we also put

$$\mathcal{P}(n,k) = \{\text{primes } p : \exists\, E/\mathbb{F}_p \text{ for which } E(\mathbb{F}_p) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}\}.$$

The set $\mathcal{P}(n,k)$ parametrizes the set of finite fields of prime cardinality over which $\mathbb{Z}_n \times \mathbb{Z}_{kn}$ can be realized as the group of points on an elliptic curve. For natural numbers $N$ and $K$ we study the double sum

$$\mathcal{N}_p(N,K) = \sum_{n \le N} \sum_{k \le K} \#\mathcal{P}(n,k),$$

for which we obtain an asymptotic formula in certain ranges.

Finally, for natural numbers $m, k$ we introduce and compare the sets

$$\mathcal{N}_{m,k} = \{n \in \mathbb{N} : \exists\, p \text{ prime and } E/\mathbb{F}_{p^m} \text{ with } E(\mathbb{F}_{p^m}) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}\},$$
$$\widetilde{\mathcal{N}}_{m,k} = \{n \in \mathbb{N} : \exists\, p \text{ prime},\ \ell \in \mathbb{Z} \text{ with } p^m = kn^2 + \ell n + 1,\ |\ell| \le 2\sqrt{k}\}.$$

We remark that the distribution of group structures generated by elliptic curves over a fixed finite field has been studied in [12].

2 Notational conventions 

Throughout the paper, the letter $p$ always denotes a prime number, and $q$ always denotes a prime power. As usual, we use $\pi(x)$ to denote the number of $p \le x$. For coprime integers $a$ and $m \ge 1$, we put

$$\pi(x; m, a) = \#\{p \le x : p \equiv a \pmod{m}\},$$

$$\Pi(x; m, a) = \#\{q \le x : q \equiv a \pmod{m}\}.$$

We also set

$$\psi(x; m, a) = \sum_{\substack{n \le x \\ n \equiv a \ (\mathrm{mod}\ m)}} \Lambda(n),$$

where $\Lambda(n)$ is the von Mangoldt function.

For any set $\mathcal{A} \subseteq \mathbb{N}$ and real $x > 0$, we denote $\mathcal{A}(x) = \{a \in \mathcal{A} : a \le x\}$.

For functions $F$ and $G > 0$ the notations $F = O(G)$, $F \ll G$, and $G \gg F$ are all equivalent to the assertion that the inequality $|F| \le cG$ holds with some constant $c > 0$. In what follows, all constants implied by the symbols $O$, $\ll$, and $\gg$ may depend (where obvious) on the small real parameter $\varepsilon$ but are absolute otherwise; we write $O_\rho$, $\ll_\rho$, and $\gg_\rho$ to indicate that the implied constant depends on a given parameter $\rho$.
3 Preliminaries

Lemma 1. If $q$ is a prime power, and $E$ is an elliptic curve defined over $\mathbb{F}_q$ such that $E(\mathbb{F}_q) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}$, then $q = kn^2 + \ell n + 1$ for some integer $\ell$ that satisfies $|\ell| \le 2\sqrt{k}$.

Proof. By the Hasse bound, we can write $kn^2 = q + 1 - a$ for some integer $a$ that satisfies the bound $a^2 \le 4q$. Using the Weil pairing one also sees that $q \equiv 1 \pmod{n}$, hence $a = \ell n + 2$ for some integer $\ell$, and we have $q = kn^2 + \ell n + 1$. Since

$$\ell^2 n^2 + 4\ell n + 4 = (\ell n + 2)^2 = a^2 \le 4q = 4kn^2 + 4\ell n + 4,$$

it follows that $|\ell| \le 2\sqrt{k}$ as required. □

The following result of Waterhouse [23] (see also [22, Theorem 4.3]) is a characterization of the natural numbers that can be realized as the cardinality of the group of $\mathbb{F}_q$-rational points on an elliptic curve $E$ defined over $\mathbb{F}_q$.

Lemma 2. Let $q = p^m$ be a prime power, and suppose that $N = q + 1 - a$ for some integer $a$. Then, there is an elliptic curve $E$ defined over $\mathbb{F}_q$ such that $\#E(\mathbb{F}_q) = N$ if and only if $|a| \le 2\sqrt{q}$ and one of the following conditions is met:

(i) $\gcd(a, p) = 1$;

(ii) $m$ even and $a = \pm 2\sqrt{q}$;

(iii) $m$ is even, $p \not\equiv 1 \pmod{3}$, and $a = \pm\sqrt{q}$;

(iv) $m$ is odd, $p = 2$ or $3$, and $a = \pm p^{(m+1)/2}$;

(v) $m$ is even, $p \not\equiv 1 \pmod{4}$, and $a = 0$;

(vi) $m$ is odd and $a = 0$.

For every admissible cardinality $N$, the following result of Rück [TB] (see also [22, Theorem 4.4]) describes the group structures that are possible for $E(\mathbb{F}_q)$ given that $\#E(\mathbb{F}_q) = N$; see also [7i i21j.

Lemma 3. Let $q = p^m$ be a prime power, and suppose that $N$ is an integer such that $\#E(\mathbb{F}_q) = N$ for some elliptic curve $E$ defined over $\mathbb{F}_q$. Write $N = p^e n_1 n_2$ with $p \nmid n_1 n_2$ and $n_1 \mid n_2$ (possibly $n_1 = 1$). Then, there is an elliptic curve $E$ over $\mathbb{F}_q$ for which

$$E(\mathbb{F}_q) \cong \mathbb{Z}_{p^e} \times \mathbb{Z}_{n_1} \times \mathbb{Z}_{n_2}$$

if and only if

(i) $n_1 = n_2$ in case (ii) of Lemma 2;

(ii) $n_1 \mid q - 1$ in all other cases of Lemma 2.

Combining Lemmas 2 and 3 we get:

Corollary 4. If $p$ is prime and $N \in \mathbb{N}$ with $|p + 1 - N| \le 2\sqrt{p}$, then there is an elliptic curve $E$ defined over $\mathbb{F}_p$ with $\#E(\mathbb{F}_p) = N$. In this case, if we write $N = n_1 n_2$ with $p \nmid n_1$ and $n_1 \mid n_2$ (possibly $n_1 = 1$), then $n_1 \mid p - 1$ and $E(\mathbb{F}_p) \cong \mathbb{Z}_{n_1} \times \mathbb{Z}_{n_2}$.

Lemma 5. A prime $p$ lies in $\mathcal{P}(n,k)$ if and only if $p = kn^2 + \ell n + 1$ for some integer $\ell$ such that $|\ell| \le 2\sqrt{k}$.

Proof. By definition, if $p$ lies in $\mathcal{P}(n,k)$ then there is an elliptic curve $E/\mathbb{F}_p$ such that $E(\mathbb{F}_p) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}$. According to Lemma 1, $p = kn^2 + \ell n + 1$ with some integer $\ell$ such that $|\ell| \le 2\sqrt{k}$.

Conversely, suppose that $p = kn^2 + \ell n + 1$ and $|\ell| \le 2\sqrt{k}$. Taking $N = kn^2$ we have

$$|p + 1 - N|^2 = (\ell n + 2)^2 = \ell^2 n^2 + 4\ell n + 4 \le 4kn^2 + 4\ell n + 4 = 4p,$$

hence $|p + 1 - N| \le 2\sqrt{p}$. Applying Corollary 4 with $n_1 = n$ and $n_2 = kn$, we see that there is an elliptic curve $E/\mathbb{F}_p$ such that $E(\mathbb{F}_p) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}$, and thus $p \in \mathcal{P}(n,k)$. □

Next, we relate $\mathcal{N}_p(N,K)$ to the distribution of primes in short arithmetic progressions.

Lemma 6. For all $N, K \in \mathbb{N}$ we have

$$\mathcal{N}_p(N,K) = \sum_{n \le N} \sum_{|\ell| \le 2\sqrt{K}} \Big( \pi(Kn^2 + \ell n + 1;\, n^2, \ell n + 1) - \pi(\tfrac14 \ell^2 n^2 + \ell n + 1;\, n^2, \ell n + 1) \Big).$$

Proof. Fix $n \le N$, and let $\mathcal{T}_1(n)$ be the collection of pairs $(\ell, p)$ such that

(i) $|\ell| \le 2\sqrt{K}$;

(ii) $p$ is a prime congruent to $\ell n + 1 \pmod{n^2}$;

(iii) $\tfrac14 \ell^2 n^2 + \ell n + 1 \le p \le Kn^2 + \ell n + 1$.

Since $\tfrac14 \ell^2 n^2 + \ell n + 1 = (\tfrac12 \ell n + 1)^2$ cannot be prime, it is easy to see that

$$\#\mathcal{T}_1(n) = \sum_{|\ell| \le 2\sqrt{K}} \Big( \pi(Kn^2 + \ell n + 1;\, n^2, \ell n + 1) - \pi(\tfrac14 \ell^2 n^2 + \ell n + 1;\, n^2, \ell n + 1) \Big).$$

Let $\mathcal{T}_2(n)$ be the collection of pairs $(k, p)$ such that

(iv) $k \le K$;

(v) $p$ is prime and $p = kn^2 + \ell n + 1$ for some integer $\ell$ such that $|\ell| \le 2\sqrt{k}$.

By Lemma 5, condition (v) is equivalent to the assertion that $p \in \mathcal{P}(n,k)$, hence

Since

$$\sum_{n \le N} \#\mathcal{T}_1(n) = \sum_{n \le N} \sum_{|\ell| \le 2\sqrt{K}} \Big( \pi(Kn^2 + \ell n + 1;\, n^2, \ell n + 1) - \pi(\tfrac14 \ell^2 n^2 + \ell n + 1;\, n^2, \ell n + 1) \Big)$$

and

to prove the lemma it suffices to show that $\#\mathcal{T}_1(n) = \#\mathcal{T}_2(n)$ for each $n \le N$.

First, let $(\ell, p) \in \mathcal{T}_1(n)$. By (ii) we can write $p = kn^2 + \ell n + 1$ for some integer $k$. Substituting into (iii) we have

$$\tfrac14 \ell^2 n^2 + \ell n + 1 < kn^2 + \ell n + 1 \le Kn^2 + \ell n + 1,$$

hence $k \le K$ and $|\ell| \le 2\sqrt{k}$. This shows that the pair $(k, p)$ lies in $\mathcal{T}_2(n)$. As the map $\mathcal{T}_1(n) \to \mathcal{T}_2(n)$ given by $(\ell, p) \mapsto (k, p)$ is clearly injective, we have $\#\mathcal{T}_1(n) \le \#\mathcal{T}_2(n)$.

Next, suppose that $(k, p) \in \mathcal{T}_2(n)$, and let $\ell$ be as in (v). By (iv) we have $|\ell| \le 2\sqrt{k} \le 2\sqrt{K}$, and $p \equiv \ell n + 1 \pmod{n^2}$ by (v). Furthermore, since $\tfrac14 \ell^2 \le k \le K$ the prime $p = kn^2 + \ell n + 1$ satisfies (iii). This shows that the pair $(\ell, p)$ lies in $\mathcal{T}_1(n)$. Since the map $\mathcal{T}_2(n) \to \mathcal{T}_1(n)$ given by $(k, p) \mapsto (\ell, p)$ is injective, we have $\#\mathcal{T}_2(n) \le \#\mathcal{T}_1(n)$, and the proof is complete. □



4 Primes in sparse progressions 

Below, we use the following result of Baier and Zhao [2], which is a variant of the Bombieri-Vinogradov theorem that deals with primes in arithmetic progressions to square moduli.

Lemma 7. For fixed $\varepsilon > 0$ and $C > 0$ we have

$$\sum_{m \le x^{2/9-\varepsilon}} m \max_{\gcd(a,m)=1} \left| \psi(x; m^2, a) - \frac{x}{\varphi(m^2)} \right| \ll \frac{x}{(\log x)^C},$$

where the implied constant depends only on $\varepsilon$ and $C$.

Via partial summation one obtains the following:

Corollary 8. For fixed $\varepsilon > 0$ and $C > 0$ we have

$$\sum_{m \le x^{2/9-\varepsilon}} m \max_{\gcd(a,m)=1} \left| \pi(x; m^2, a) - \frac{\pi(x)}{\varphi(m^2)} \right| \ll \frac{x}{(\log x)^C},$$

where the implied constant depends only on $\varepsilon$ and $C$.



For our applications of Corollary 8 we also need a well known asymptotic formula

(3)

for more precise results, we refer the reader to [HI [T71 ITS].

For any sequence of integers $\mathcal{A} = (a_n)_{n=1}^{\infty}$ and any positive real numbers $\lambda$ and $X$, we define the sum

$$\mathcal{F}(\mathcal{A}; \lambda, X) = \sum_{n \le X} \pi(\lambda n^2; n^2, a_n). \qquad (4)$$

Lemma 9. Fix $\varepsilon \in (0, 2/5)$. For any sequence of integers $\mathcal{A} = (a_n)_{n=1}^{\infty}$ such that $\gcd(a_n, n) = 1$ for all $n$, and for any real numbers $\lambda$ and $X$ such that $3 \le X \le \lambda^{2/5-\varepsilon}$, the estimate

'^lAA,Aj- \og{\X^)^^\ {\ogxy ) 

holds, where the implied constant depends only on e. 

Proof. Let $\Delta$ be an arbitrary real number such that $X^{-1} \le \Delta \le 1$, and let

2 log log X 



Put 

Note that 
and we have 



^ .log(l + A)J 

Xj = x{i + Ay--^ 



X 



{\ogxy 



< A-MoglogX. 

(j=0,l,...,J). 
2X 



(logX) 



2 ' 



Xj ^Xj+i^2Xj and logX^ > logX. 
Using the trivial bound $\pi(\lambda n^2; n^2, a_n) \le \lambda$ for all $n \le X_0$, we derive that



^(^;A,X)= 7r(An2;n^a„) + 0(AXo) 

J-1 
j=0 



XX 



(5) 



where 



Sj= Y 7r(An^;n^a„) (j = 0, 1, . . . , J). 



Since $X_{j+1} - X_j = \Delta X_j$, for every integer $n \in [X_j, X_{j+1}]$ we have

$$n^2 = X_j^2 + O(\Delta X_j^2). \qquad (6)$$

For any such $n$, the number of primes $p \in [\lambda X_j^2, \lambda n^2]$ with $p \equiv a_n \pmod{n^2}$ does not exceed



Xn^ - AXf 



+ 1 < 



AAXf 



+ 1 ^ AA + K AA 



(since $\lambda\Delta \ge \Delta X \ge 1$). Therefore,

$$S_j = \sum_{X_j < n \le X_{j+1}} \pi(\lambda X_j^2; n^2, a_n) + O(\Delta^2 \lambda X_j) \qquad (j = 0, 1, \ldots, J). \qquad (7)$$

Furthermore,



E -(AX|;n^a„)-v^(AX|) -i- 



Xj<n^Xj+i 



7r(AX. ;n , a„) 



7r(AX|) 



7r(AX .;n , a„) 



n max 

7 gcd(a,n)=l 



, ^ , , 7r(AXf 
7^(AX,2;r^^a) 



In view of the hypothesis that $3 \le X \le \lambda^{2/5-\varepsilon}$, we can apply Corollary 8 with $C = 4$ to derive the bound



2 1 



AA'j 



Using (6) again, we write



(8) 



^ 7r(An2) + 0(AAX2) 

— 



Using the prime number theorem in its simplest form, namely

$$\pi(y) = \frac{y}{\log y} + O\left(\frac{y}{(\log y)^2}\right)$$

(see PUI Chapter II. 4, Theorem 1] for a stronger statement) together with the lower bound

$$\varphi(n^2) = n\varphi(n) \gg \frac{n^2}{\log\log(n+2)} \qquad (n \in \mathbb{N})$$

(see pni Chapter 1.5, Theorem 4]) and the trivial inequalities

$$\log(\lambda X_0^2) \le \log(\lambda n^2) \le \log(\lambda X^2) = \log(\lambda X_0^2) + O(\log\log X),$$

which hold for any integer $n \in [X_0, X]$, we derive that



^^^^^ 5Z ^ 

^ , ^/ AAX.loglogX , ^ \ 

= / / — + O — — h A AXj loglogX 



^ V- ^ , ^/ AAX,(loglogX)^ , ^ \ 



log(AX2) 



Combining this result with (7) and (8) we see that
S ^ V 



AX, AAX,(loglogX)2 ^2x^, , ^ 

< 7^ — ^ + — + log log X 

(logX)4 (logX)2 
We insert this estimate in (5) and deduce that



/ A AA(loglogX)2 , 
« ( W " (logX)^ + ^) g 

V(l0gX)4 (logX)2 ) 

A-UX , AX(loglogX)2 , 

= n ^ + n W2 + AAXloglogX 

(logX)4 (logX)2 

Taking A = (logX)^^ (for which our hypothesis X~^ ^ A ^ 1 holds for all 
X > 1) and taking into account that ([s]) implies the estimate 



27r4 V(log^)^ 



we conclude the proof. 



□ 



We are certain that the error term of Lemma 9 can be improved easily, but we have not attempted to do so as we only require the asymptotic behavior of $\mathcal{F}(\mathcal{A}; \lambda, X)$ stated in the next corollary.

Corollary 10. Fix $\varepsilon \in (0, 2/5)$. For any sequence of integers $\mathcal{A} = (a_n)_{n=1}^{\infty}$ such that $\gcd(a_n, n) = 1$ for all $n$, and for any real numbers $\lambda$ and $X$ such that $\lambda^{\varepsilon} \le X \le \lambda^{2/5-\varepsilon}$, the estimate

$$\mathcal{F}(\mathcal{A}; \lambda, X) = \left( \frac{315\,\zeta(3)}{2\pi^4} + o(1) \right) \frac{\lambda X}{\log(\lambda X^2)}$$

holds, where the function implied by $o(1)$ depends only on $\varepsilon$.

5 The sets $\mathcal{S}_\pi(N,K)$ and $\mathcal{S}_\Pi(N,K)$

We begin with the observation that

Indeed, if $p = kn^2 + 1$ is a prime which does not exceed $Kn^2$, then the pair $(n, (p-1)/n^2)$ lies in $\mathcal{S}_\pi(N,K)$. Clearly, Corollary 10 can be applied to the sum on the right hand side of (9) to derive the lower bound



27r4 ' 7 \og{KN^) 

provided that $K^{\varepsilon} \le N \le K^{2/5-\varepsilon}$. Moreover, even without the condition $N \ge K^{\varepsilon}$ we are able to get a lower bound of the same strength.

Theorem 11. Fix $\varepsilon \in (0, 2/5)$, and suppose that $N \le K^{2/5-\varepsilon}$. Then, the following bound holds:

$$\#\mathcal{S}_\pi(N,K) \gg \frac{KN}{\log K}.$$

Proof. Using ^ together with the elementary bound 

— ^ Il[x;m,a) = iT(x;m,a) + O (x ' logx) , 

log X ^ ^ 
we have



N/2^n^N 



N/2^n^N 



— 



+ E{N, K) + {K^'^N^ log K) , 



where 



N/2sin^N 



,lj{\KN'-n\l) 



N\ogK 



E 



n 



N/2^n^N 



Applying Lemma 7 with $x = \tfrac14 KN^2$ and $C = 1$ (which is permissible since our assumption $N \le K^{2/5-\varepsilon}$ implies that $N < (\tfrac14 KN^2)^{2/9-\delta}$ for a suitable $\delta > 0$ that depends only on $\varepsilon$) we see that



E{N,K) < 



and therefore, 



Since 



N/2^n^N 



N/2^n^N^^ ' N/2^n^N 



the result follows. □

Theorem 12. For any fixed $K$ we have

$$\#\mathcal{S}_\pi(N,K) \ll_K \frac{N}{\log N}.$$

Proof. The Selberg sieve provides the following upper bound on the number of primes represented by an irreducible polynomial $F(n) = an^2 + bn + 1$ with integer coefficients (see Halberstam and Richert [6, Theorem 5.3] for a more general statement):



#{n ^ X : F{n) is prime} ^ 2 JJ ^1 - — 



X / /log log 3x 



X [l + Op 



log a; \ \ logx 

where $\chi_p$ is the quadratic character modulo $p$, that is, the Dirichlet character afforded by the Legendre symbol. The constant implied by $O_F$ depends on $F$, and this is the reason that $K$ is fixed in the statement of the theorem. Trivially, we have

$$\#\mathcal{S}_\pi(N,K) \le \#\{n \le N : kn^2 + \ell n + 1 \text{ is prime}\}.$$

Applying (10) with $F(n) = kn^2 + \ell n + 1$, the result is immediate. □

Corollary 13. For any fixed $K \in \mathbb{N}$ we have

$$\#\mathcal{S}_\Pi(N,K) \ll_K \frac{N}{\log N}.$$

Proof. We have

$$\#\mathcal{S}_\Pi(N,K) \le \#\mathcal{S}_\pi(N,K) + \sum_{j=2}^{\infty} \#\mathcal{S}_\Pi^{(j)}(N,K), \qquad (11)$$

where for each $j \ge 2$, we use $\mathcal{S}_\Pi^{(j)}(N,K)$ to denote the set of pairs $(n,k)$ in $\mathcal{S}_\Pi(N,K)$ associated with prime powers of the form $q = p^j$ with $p$ prime. It is easy to see that

#S»(A'.if) « A-VV((/<-/V=+2A-/^A.+l)".') « ^^J^)'/^"^ = I 

Indeed, for fixed $k$ and $p$ there are only $O(K^{1/2})$ possibilities for $\ell$. Thus, for fixed $p$ there are $O(K^{3/2})$ possibilities for $(n,k)$, where the implied constant is absolute. Furthermore, $\mathcal{S}_\Pi^{(j)}(N,K) = \emptyset$ for all but $O(\log(KN))$ choices of $j$. Thus, from (11) we deduce that

$$\#\mathcal{S}_\Pi(N,K) \le \#\mathcal{S}_\pi(N,K) + O_K(N/\log N),$$

and the result follows from Theorem 12. □

An immediate consequence of Corollary 13 is that there are infinitely many pairs $(n,k)$ that do not lie in $\mathcal{S}_\Pi$. In fact, if $k \in \mathbb{N}$ is fixed, then we see that $(n,k) \notin \mathcal{S}_\Pi$ for almost all $n \in \mathbb{N}$.

The situation is very different when $n \in \mathbb{N}$ is fixed, for in this case we expect that the pair $(n,k)$ lies in the smaller set $\mathcal{S}_\pi$ for all but finitely many $k \in \mathbb{N}$. To prove this, one needs to show that

$$\pi((k^{1/2}n + 1)^2; n, 1) - \pi((k^{1/2}n - 1)^2; n, 1) > 0$$

for all sufficiently large $k$. Although this problem is intractable at present, the probabilistic model of Cramér (see, for example, [5l[T9]) predicts that

$$\pi((k^{1/2}n + 1)^2; n, 1) - \pi((k^{1/2}n - 1)^2; n, 1) \gg_n \frac{k^{1/2}}{\log k}$$

for all large $k$. Unconditionally, it may be possible to answer the following questions:

• If $n \in \mathbb{N}$ is fixed, is it true that $(n,k) \in \mathcal{S}_\Pi$ for almost all $k \in \mathbb{N}$?

• Is it true that for almost all $n \in \mathbb{N}$, there are only finitely many pairs $(n,k)$ that do not lie in $\mathcal{S}_\Pi$?

We conclude this section with the following:

Theorem 14. The set $\mathcal{S}_\Pi \setminus \mathcal{S}_\pi$ is infinite. In fact, we have

$$\#\{n \le N : (n,1) \in \mathcal{S}_\Pi \setminus \mathcal{S}_\pi\} \ge (2 + o(1)) \frac{N}{\log N} \qquad (N \to \infty).$$

Proof. Using the prime number theorem for arithmetic progressions together with a standard upper bound from sieve theory such as [6, Theorem 5.3], one sees that there are $(2 + o(1))N/\log N$ natural numbers $n \le N$ such that either $n - 1$ or $n + 1$ is prime, but not both, and such that the integers $n^2 + 1$, $n^2 + n + 1$ and $n^2 - n + 1$ are all composite. For any such $n$, either $(n-1)^2$ or $(n+1)^2$ is a prime power, and we have $(n,1) \in \mathcal{S}_\Pi$; however, $n^2 + \ell n + 1$ is clearly composite for $-2 \le \ell \le 2$, and thus $(n,1) \notin \mathcal{S}_\pi$. □
6 The double sum $\mathcal{N}_p(N,K)$

Here, we study the double sum $\mathcal{N}_p(N,K)$ using the formula of Lemma 6. Our main result is the following:

Theorem 15. Fix $\varepsilon \in (0, 2/5)$, and suppose that $K^{\varepsilon} \le N \le K^{2/5-\varepsilon}$. Then, the estimate

/210C(3) \ K^/^N 



holds, where the function implied by $o(1)$ depends only on $\varepsilon$.

Proof. Using the trivial estimate

$$\pi(x + y; k, a) = \pi(x; k, a) + O(y/k + 1),$$

we see from Lemma 6 that $\mathcal{N}_p(N,K)$ is equal to

J2 {7^{Kn^; n^ in + 1)- Ti{\fn^] n^, ln + l) + 0{l/n + 1) 



(n{Kn^; n\£n + 1) - 7r(|£V; n\ in + 1)) 



+ 0{K log N + K^^^N) 
{^iAe;K,N) - j^iAf, iV)) + 0(ir logiV), 



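where $\mathcal{A}_\ell = (\ell n + 1)_{n=1}^{\infty}$ for each $\ell$, and the sum $\mathcal{F}(\mathcal{A}_\ell; \lambda, X)$ is defined by (4). Note that we have used the bound $K^{1/2}N \ll K \log N$, which follows from our hypothesis that $N \le K^{2/5-\varepsilon}$.

We now put $L = 2\sqrt{K}/\log K$ and write

$$\mathcal{N}_p(N,K) = S_1 + S_2 + O(K \log N), \qquad (12)$$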

where 

s,= J2 {^(^^-^ ^) - ^(^^' -/'^ ^)) • 

L<\e\^2VK 
For $S_1$ we use the trivial estimate

together with Corollary 10 to derive the bound

$$S_1 \ll \frac{LKN}{\log K} \ll \frac{K^{3/2}N}{(\log K)^2}. \qquad (13)$$

For $S_2$ we apply Corollary 10 to both terms in the summation. Writing $\vartheta = 315\,\zeta(3)/(2\pi^4)$, and taking into account that

$$\log(\ell^2 N^2/4) = (1 + o(1)) \log(KN^2) \qquad (L < |\ell| \le 2\sqrt{K}),$$

we see that

/ KN i'^N \ 



(6 + 0(1)) 



iog(Js:A^2) 



J2 {K-f/4) = {lQ + o{l)) 



L<\e\^2VK 



Using this bound and (13) in (12), we finish the proof. □



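7 The sets $\mathcal{N}_{m,k}$ and $\widetilde{\mathcal{N}}_{m,k}$

In this section, we study the sets $\mathcal{N}_{m,k}$ and $\widetilde{\mathcal{N}}_{m,k}$ introduced in §1. We begin with the following:

Lemma 16. For all $m, k \in \mathbb{N}$ we have $\mathcal{N}_{m,k} \subseteq \widetilde{\mathcal{N}}_{m,k}$.

Proof. For every $n \in \mathcal{N}_{m,k}$ there is a prime $p$ and an elliptic curve $E$ defined over $\mathbb{F}_{p^m}$ such that $E(\mathbb{F}_{p^m}) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}$. By Lemma 1, $p^m = kn^2 + \ell n + 1$ for some integer $\ell$ that satisfies $|\ell| \le 2\sqrt{k}$, that is, $n \in \widetilde{\mathcal{N}}_{m,k}$. □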
7.1 Results with fixed values of m

In the case that $m = 1$, the set inclusion of Lemma 16 is an equality.

Theorem 17. For all $k \in \mathbb{N}$ we have $\mathcal{N}_{1,k} = \widetilde{\mathcal{N}}_{1,k}$.

Proof. In view of Lemma 16 it suffices to show that $\widetilde{\mathcal{N}}_{1,k} \subseteq \mathcal{N}_{1,k}$. For every $n \in \widetilde{\mathcal{N}}_{1,k}$ there is a prime $p$ such that $p = kn^2 + \ell n + 1$. Put $a = n\ell + 2$, and note that $|a| \le 2\sqrt{p}$ since

$$a^2 = n^2\ell^2 + 4n\ell + 4 \le 4(n^2 k + n\ell + 1) = 4p.$$

If $\gcd(a,p) = 1$, then by Lemma 2(i) there is an elliptic curve $E/\mathbb{F}_p$ such that $\#E(\mathbb{F}_p) = p + 1 - a = kn^2$. On the other hand, if $p \mid a$, then the inequality $|a| \le 2\sqrt{p}$ implies that either $p \le 3$ and $a = \pm p$, or $a = 0$. Applying Lemma 2(iv) in the former case and Lemma 2(vi) in the latter, we again conclude that there is an elliptic curve $E/\mathbb{F}_p$ such that $\#E(\mathbb{F}_p) = kn^2$. In all cases, since $p \equiv 1 \pmod{n}$, Lemma 3(ii) guarantees that there is an elliptic curve $E$ defined over $\mathbb{F}_p$ such that $E(\mathbb{F}_p) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}$. Therefore, $n \in \mathcal{N}_{1,k}$. □

Lemma 18. For natural numbers $n, k$ the set

$$\mathcal{P}(n,k) = \{\text{primes } p : p^2 = kn^2 + \ell n + 1 \text{ for some } \ell \in \mathbb{Z} \text{ with } |\ell| \le 2\sqrt{k}\}$$

contains at most one prime except for the following cases:

(i) $\mathcal{P}(n,k) = \{2, 3\}$ if $n = 1$ and $4 \le k \le 9$;

(ii) $\mathcal{P}(n,k) = \{hn \pm 1\}$ if $k = h^2$ for some $h \in \mathbb{N}$, and both $hn - 1$ and $hn + 1$ are primes.

Proof. It is easy to see that

$$\mathcal{P}(n,k) = \{\text{primes } p \in [n\sqrt{k} - 1,\ n\sqrt{k} + 1] : p^2 \equiv 1 \pmod{n}\}. \qquad (14)$$

Since the interval $[n\sqrt{k} - 1, n\sqrt{k} + 1]$ has length two, the result follows immediately. □



When m = 2, the inclusion of Lemma 16 can be proper. Fortunately, we 
are able to classify those natural numbers k for which this happens. 
Theorem 19. For all $k \in \mathbb{N}$ we have $\mathcal{N}_{2,k} = \widetilde{\mathcal{N}}_{2,k}$ except for the following disjoint cases:

(i) $k = p^2 + 1$ for some prime $p \equiv 1 \pmod{4}$;

(ii) $k = p^2 \pm p + 1$ for some prime $p \equiv 1 \pmod{3}$;

(iii) $k = h^2$ for some integer $h > 1$.

In cases (i) and (ii) we have $\widetilde{\mathcal{N}}_{2,k} \setminus \mathcal{N}_{2,k} = \{1\}$; and in case (iii) we have

$$\widetilde{\mathcal{N}}_{2,k} \setminus \mathcal{N}_{2,k} = \{n \in \mathbb{N} : hn - 1 \text{ or } hn + 1 \text{ is prime}\}. \qquad (15)$$

Proof. Let $k$ be fixed, and suppose that $n \in \widetilde{\mathcal{N}}_{2,k}$. Let $p$ and $\ell$ be such that $p^2 = kn^2 + \ell n + 1$, $|\ell| \le 2\sqrt{k}$, and put $a = \ell n + 2$. Then $|a| \le 2p$, and using Lemmas 2 and 3 it is easy to see that $n$ lies in $\mathcal{N}_{2,k}$ except possibly in the following cases:

(1) $a = 0$ and $p \equiv 1 \pmod{4}$;

(2) $a = \pm p$ and $p \equiv 1 \pmod{3}$;

(3) $a = \pm 2p$ and $k$ is not of the form $p^j$ for any $j \ge 0$.

In case (1) we have $\ell n = -2$, which implies either that $(n,\ell) = (2,-1)$ and $p^2 = 4k - 1$, which is impossible, or that $(n,\ell) = (1,-2)$ and $p^2 = k - 1$. This shows that $\widetilde{\mathcal{N}}_{2,k} \setminus \mathcal{N}_{2,k} \subseteq \{1\}$ and that $k$ satisfies the condition (i). Since $k \ge 26$ and $k \ne h^2$ for any $h > 1$, we have $\mathcal{P}(n,k) = \{p\}$ by Lemma 18. It remains to show that $1 \notin \mathcal{N}_{2,k}$ in this case. Suppose on the contrary that $1 \in \mathcal{N}_{2,k}$. Then there is a prime $p_0$ and an elliptic curve $E$ defined over $\mathbb{F}_{p_0^2}$ such that $E(\mathbb{F}_{p_0^2}) \cong \mathbb{Z}_1 \times \mathbb{Z}_k$. By Lemma 1 we see that $p_0^2 = k + \ell + 1$ for some integer $\ell$ such that $|\ell| \le 2\sqrt{k}$; that is, $p_0 \in \mathcal{P}(n,k)$. Therefore, $p_0 = p$, and $\#E(\mathbb{F}_{p^2}) = k$. But this is impossible by Lemma 2(v) since $p \equiv 1 \pmod{4}$.

In case (2) we have $p = \pm(\ell n + 2) \equiv \pm 2 \pmod{n}$, thus $p^2 \equiv 4 \pmod{n}$. Since $p^2 = kn^2 + \ell n + 1 \equiv 1 \pmod{n}$ as well, it follows that $n \mid 3$. We claim that $n \ne 3$. Indeed, if $n = 3$, then $p^2 = 9k + 3\ell + 1 = 9k \pm p - 1$, and therefore $p^2 \mp p + 1 \equiv 0 \pmod{9}$. But this is impossible as neither $X^2 + X + 1$ nor $X^2 - X + 1$ has a root in $\mathbb{Z}_9$. If $n = 1$, then $p^2 = k + \ell + 1 = k \pm p - 1$. This shows that $\widetilde{\mathcal{N}}_{2,k} \setminus \mathcal{N}_{2,k} \subseteq \{1\}$ and that $k$ satisfies the condition (ii). The proof that $1 \notin \mathcal{N}_{2,k}$ is similar to that of the preceding case.

In case (3) we have $p^2 = kn^2 \pm 2p - 1$, or $kn^2 = (p \mp 1)^2$; it follows that $n \mid p \mp 1$, and $k = h^2$ with $h = (p \mp 1)/n$. Since $k \ne 1$ we see that $k$ satisfies the condition (iii). It remains to establish (15).

Fix $h > 1$, and suppose that $n \in \widetilde{\mathcal{N}}_{2,h^2}$. Then $\mathcal{P}(n,h^2) \ne \emptyset$, where by (14) we have

$$\mathcal{P}(n,h^2) = \{\text{primes } p \in [hn - 1,\ hn + 1] : p^2 \equiv 1 \pmod{n}\}.$$

First, suppose $\mathcal{P}(n,h^2)$ contains a prime $p$ in the open interval $(hn - 1, hn + 1)$. Then, using Lemma 18, we deduce that $\mathcal{P}(n,h^2) = \{p\}$, and thus case (3) does not occur for any prime in $\mathcal{P}(n,h^2)$. Also, the cases (1) and (2) cannot occur, for otherwise $k = h^2$ would satisfy (i) or (ii), respectively, rather than (iii). Consequently, $n \in \mathcal{N}_{2,h^2}$ in this case.

Next, suppose $\mathcal{P}(n,h^2)$ does not contain a prime $p$ in the open interval $(hn - 1, hn + 1)$. If $p \in \mathcal{P}(n,h^2)$, then $p = hn \pm 1$ for some choice of the sign, and we have $p^2 + 1 - h^2 n^2 = \pm 2hn + 2 = \pm 2p$. If there were an elliptic curve $E$ defined over $\mathbb{F}_{p^2}$ such that $E(\mathbb{F}_{p^2}) \cong \mathbb{Z}_n \times \mathbb{Z}_{h^2 n}$, then by Lemma 2(ii) and Lemma 3(i) it would follow that $n = h^2 n$, which is impossible since $h > 1$. This argument shows that $n \notin \mathcal{N}_{2,h^2}$ in this case. □

Corollary 20. Suppose that $k$ is not a perfect square. Then,

$$\#\mathcal{N}_{2,k}(T) \ll_k \log T.$$

Proof. In view of Lemma 16, it is enough to show that $\#\widetilde{\mathcal{N}}_{2,k}(T) \ll_k \log T$.

Suppose that $n \in \widetilde{\mathcal{N}}_{2,k}$ with $n \le T$. Then there is a prime $p$ and an integer $\ell$ such that $p^2 = kn^2 + \ell n + 1$, $|\ell| \le 2\sqrt{k}$, and we have

$$\max\{2kn + \ell,\ 2p\} \ll_k T. \qquad (16)$$

Since

$$(2kn + \ell)^2 - k(2p)^2 = \ell^2 - 4k,$$

the pair $(2kn + \ell, 2p)$ is a solution of the Pell equation

$$X^2 - kY^2 = \ell^2 - 4k. \qquad (17)$$

Note that $\ell^2 - 4k \ne 0$ since $k$ is not a perfect square. It is well known (and easy to verify) that every solution $(x,y) \in \mathbb{Z}^2$ to an equation such as (17) has the form

$$x + y\sqrt{k} = (x_0 + y_0\sqrt{k})\,\omega^t \qquad (t \in \mathbb{Z}),$$

where $(x_0, y_0)$ is an arbitrary fixed solution, and $\omega$ is a fixed unit in $\mathbb{Q}(\sqrt{k})$; therefore,

$$t \ll_k \log\max\{|x|, |y|\}.$$

In view of (16) we have $t \ll_k \log T$ for every solution $(x,y) = (2kn + \ell, 2p)$ to (17), and the result follows. □

We remark that Theorem 19 implies

$$\#\mathcal{N}_{2,1}(T) = \pi(T - 1) + \pi(T + 1) - \#\{p \le T - 1 : p + 2 \text{ is prime}\} \sim \frac{2T}{\log T}.$$

For $m \ge 3$, the situation is more complicated. For example, it is easy to see that $3 \in \widetilde{\mathcal{N}}_{3,237} \setminus \mathcal{N}_{3,237}$. Indeed, since $13^3 = 3^2 \cdot 237 + 3 \cdot 21 + 1$, we have $3 \in \widetilde{\mathcal{N}}_{3,237}$. On the other hand, direct computation shows that there is no elliptic curve over any finite field $\mathbb{F}_{p^3}$ whose group of points $E(\mathbb{F}_{p^3})$ is isomorphic to $\mathbb{Z}_3 \times \mathbb{Z}_{3 \cdot 237}$. In fact, the equation $p^3 = 3^2 \cdot 237 + 3\ell + 1$ with $|\ell| < 2\sqrt{237} = 30.79\cdots$ admits only one solution $(p,\ell) = (13, 21)$, and $13^3 + 1 - 9 \cdot 237 = 5 \cdot 13$ is not a value for the parameter $a$ that is permitted by Lemma 2.



7.2 Results with k = 1 

Here, we focus on the problem of bounding $\#\mathcal{N}_{m,1}(T)$. We begin by quoting three results on Diophantine equations due to Lebesgue [S], to Nagell [TU], and to Ljunggren [9], respectively.

Lemma 21. For any $m \in \mathbb{N}$, the Diophantine equation $y^m = x^2 + 1$ has only the trivial solutions $(0, \pm 1)$.

Lemma 22. For any $m \in \mathbb{N}$ that is not a power of three, the Diophantine equations $y^m = x^2 + x + 1$ and $y^m = x^2 - x + 1$ have only trivial solutions from the set $\{(0, \pm 1), (\pm 1, \pm 1)\}$.

Lemma 23. The only solutions of the Diophantine equation $y^3 = x^2 + x + 1$ are the following: $\{(0, \pm 1), (-1, \pm 1), (18, 7), (-19, 7)\}$.

The main result here is the following: 
Theorem 24. If $m$ is even, then

$$\#\mathcal{N}_{m,1}(T) = (m + o(1)) \frac{T^{2/m}}{\log T} \qquad (T \to \infty).$$

If $m \ge 5$ and $m$ is odd, then $\mathcal{N}_{m,1} = \emptyset$. Also, $\mathcal{N}_{3,1} = \{18, 19\}$, and

$$\#\mathcal{N}_{1,1}(T) \ll \frac{T}{\log T}.$$

Proof. First, suppose that $m = 2r \ge 2$ and $n \in \mathcal{N}_{m,1}$. Then there exists a prime $p$ such that

$$p^{2r} = n^2 + \ell n + 1 \quad \text{for some } \ell \in \{0, \pm 1, \pm 2\}.$$

However, the cases $\ell \in \{0, \pm 1\}$ can be excluded in view of Lemmas 21 and 22. Since the numbers $n$ for which this relation holds with $\ell \in \{\pm 2\}$ are those of the form $n = p^r \pm 1$, by the prime number theorem it follows that

$$\#\{n \le T : n = p^r \pm 1\} = (2 + o(1)) \frac{T^{1/r}}{\log T^{1/r}} = (m + o(1)) \frac{T^{2/m}}{\log T},$$

and the proof is complete when $m$ is even.

Next suppose that $m = 2r + 1 \ge 5$. Combining Lemmas 21, 22 and 23 one sees that there is no integer $n$ for which any one of the numbers $n^2 + 1$, $n^2 + n + 1$, or $n^2 - n + 1$ is the $m$-th power of a prime. Since the relation $(n \pm 1)^2 = p^m$ is also impossible, it follows $\mathcal{N}_{m,1} = \emptyset$ as stated.

When $m = 3$ we are led to consider the three Diophantine equations

$$y^3 = x^2 + 1, \quad y^3 = x^2 + x + 1 \quad \text{and} \quad y^3 = x^2 - x + 1.$$

The first equation has no nontrivial solution by Lemma 21, the second only the nontrivial solution $(18, 7)$ by Lemma 23, and the third only the nontrivial solution $(19, 7)$ by Lemma 23. Since $\gcd(7, 20) = \gcd(7, -17) = 1$, using Lemmas 2 and 3 we conclude that $\mathcal{N}_{3,1} = \{18, 19\}$.

As an application of Theorem 17, we deduce that

$$\mathcal{N}_{1,1}(T) = \{n \le T : n^2 + 1,\ n^2 + n + 1, \text{ or } n^2 - n + 1 \text{ is prime}\}.$$

Using Brun sieve (see [20, Chapter 1.4, Theorem 3]) or the Selberg sieve (see (10) in §5) we see that $\#\mathcal{N}_{1,1}(T) \ll T/\log T$ as required. □

Remark 1. Recalling the asymptotic version of Schinzel's Hypothesis H (see p^) given by Bateman and Horn [1], it is reasonable to conjecture that

$$\#\mathcal{N}_{1,1}(T) = (C + o(1)) \frac{T}{\log T} \qquad (T \to \infty),$$

where

P>3 \ ^ / p>3 \ ^

and $\left(\frac{\cdot}{p}\right)$ is the Legendre symbol modulo $p$. We note that two distinct polynomials are simultaneously prime for $O(T/(\log T)^2)$ arguments $n \le T$, so we simply estimate the number of prime values for each of the above polynomials independently.

7.3 Finiteness of $\mathcal{N}_{m,k}$ when $m \ge 3$

In this section, we set

$$\mathcal{K}_k = \bigcup_{m \ge 3} \mathcal{N}_{m,k} \quad \text{and} \quad \mathcal{M}_m = \bigcup_{k \in \mathbb{N}} \mathcal{N}_{m,k}.$$

We show that there are only finitely many prime powers $p^m$ with $m \ge 3$ for which there is an elliptic curve $E$ defined over $\mathbb{F}_{p^m}$ with $E(\mathbb{F}_{p^m}) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}$ for some $n \in \mathbb{N}$. In other words, we have:

Theorem 25. For every $k \ge 2$ the set $\mathcal{K}_k$ is finite.

Proof. We apply a result of Schinzel and Tijdeman [15], which asserts that if a polynomial $f$ with rational coefficients has at least two distinct zeros, then the equation $y^m = f(x)$, where $x$ and $y$ are integers with $y \ne 0$, implies that $m \le c(f)$, where $c(f)$ is a computable constant that depends only on $f$.

For any $n \in \mathcal{K}_k$, there exists a prime $p$ and integers $m, \ell$ with $m \ge 3$ and $|\ell| \le 2\sqrt{k}$ such that $p^m = kn^2 + \ell n + 1$.

For values of $\ell$ with $|\ell| < 2\sqrt{k}$, the polynomial $kX^2 + \ell X + 1$ has distinct roots. Thus we apply a result of Schinzel and Tijdeman [15] which asserts that if a polynomial $f$ with rational coefficients has at least two distinct zeros, then the equation $y^m = f(x)$, where $x$ and $y$ are integers with $y \ne 0$, implies that $m \le c(f)$, where $c(f)$ is a computable constant that depends only on $f$, see also [16, Theorem 10.2]. Hence, there are only finitely many possibilities for the number $m$. For any fixed pair $(m, \ell)$, using a classical result in the theory of Diophantine equations (see [El Theorem 6.1]), we conclude that there are only finitely many possibilities for the pair $(n, p)$.

If $\ell = \pm 2\sqrt{k}$, then $k = h^2$ is a perfect square, and we have $p^m = (hn \pm 1)^2$. Thus, $m$ is even, and $h^2 n^2 = p^m + 1 - a$, where $a = \pm 2p^{m/2}$. Applying Lemma 3(i) it follows that $kn = h^2 n = n$; this contradicts our hypothesis that $k \ge 2$ and shows that the case $\ell = \pm 2\sqrt{k}$ does not occur. □

Remark 2. All of the underlying ingredients in the proof of Theorem 25 are effective, so one can easily obtain explicit bounds on $\#\mathcal{K}_k$ and $\max\{n \in \mathcal{K}_k\}$. Using the explicit estimates of Bugeaud [2l Theorem 2], it can be shown that $\mathcal{N}_{m,k} = \emptyset$ for any m > 2^3''/c3/2(log2 4fc)^. Further, a result of Bugeaud [H Theorem 2] on solutions of superelliptic equations implies the bound max{n ∈ $\mathcal{N}_{m,k}$} ≤ exp (c(m)A;^^™'(log fc)^"*), where $c(m)$ is an effectively computable constant that depends only on $m$.

A computer search suggests that the following table lists completely the elements in $\mathcal{K}_k$ for $2 \le k \le 5$:

  k    K_k                      Representations
  2    {3, 11, 45, 119, 120}    2^4  = 2·3^2 − 3 + 1,
                                3^5  = 2·11^2 + 1,
                                2^12 = 2·45^2 + 45 + 1,
                                13^4 = 2·119^2 + 2·119 + 1,
                                13^4 = 2·120^2 − 2·120 + 1.
  3    {5, 72, 555}             3^4  = 3·5^2 + 5 + 1,
                                5^6  = 3·72^2 + 72 + 1,
                                31^4 = 3·555^2 − 555 + 1.
  4    {1, 9, 23}               2^3  = 4·1^2 + 3·1 + 1,
                                7^3  = 4·9^2 + 2·9 + 1,
                                2^11 = 4·23^2 − 3·23 + 1.
  5    {1, 2, 4, 56, 126}       2^3  = 5·1^2 + 2·1 + 1,
                                3^3  = 5·2^2 + 3·2 + 1,
                                3^4  = 5·4^2 + 1,
                                5^6  = 5·56^2 − 56 + 1,
                                43^3 = 5·126^2 + 126 + 1.



Theorem 26. For every natural number $m$ we have $\mathcal{M}_m = \mathbb{N}$. In other words, for any $n, m \in \mathbb{N}$ there is a prime $p$ and an elliptic curve $E$ defined over $\mathbb{F}_{p^m}$ such that $E(\mathbb{F}_{p^m}) \cong \mathbb{Z}_n \times \mathbb{Z}_{kn}$ for some $k \in \mathbb{N}$.

Proof. Let $m \in \mathbb{N}$ be fixed. If $m \ge 2$, then we have the identity

$$X^m = (X^{m-2} + 2X^{m-3} + \cdots + (m-2)X + m - 1)(X - 1)^2 + m(X - 1) + 1.$$

For any $n \in \mathbb{N}$, let $p$ be a prime in the arithmetic progression $1 \bmod n$ that does not divide $m$, and put $d = (p - 1)/n$. Applying the above identity with $X = p$, we have $p^m = kn^2 + \ell n + 1$, where

$$k = (p^{m-2} + 2p^{m-3} + \cdots + (m-2)p + m - 1)\,d^2, \qquad \ell = md.$$

The condition $|\ell| \le 2\sqrt{k}$ is easily verified since

$$4k \ge 2m(m-1)d^2 \ge m^2 d^2 = \ell^2 \qquad (m \ge 2).$$

Furthermore, $a = p^m + 1 - kn^2 = \ell n + 2 = m(p - 1)$ is not divisible by $p$. Hence, Lemma 3 shows that $n \in \mathcal{M}_m$.

If $m = 1$, then for any $n \in \mathbb{N}$, let $p$ be an odd prime in the arithmetic progression $1 \bmod n^2$. Then $p = dn^2 + 1$ for some natural number $d$, and since $a = p + 1 - dn^2 = 2$ is not divisible by $p$, Lemma 3 shows that $n \in \mathcal{M}_1$. □



8 Missed group structures 

We have already given in §1 several examples of pairs $(n,k)$ for which the group $\mathbb{Z}_n \times \mathbb{Z}_{kn}$ cannot be realized as the group of points on an elliptic curve defined over a finite field.

Here we present more extensive numerical results. 
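
The test behind such computations follows from Lemmas 1, 2 and 3 and can be run directly. The Python below is an added example, not code from the paper: the function names are illustrative, and case (iii) of Lemma 2 is read as a = ±√q, the standard statement of Waterhouse's theorem. It enumerates the pairs (n, k) with n, k ≤ 25 that no prime power realizes, for comparison with list (2), and reports which case of Lemma 2 each realization uses.

```python
from math import gcd, isqrt


def prime_power(q):
    """Return (p, m) if q == p**m with p prime and m >= 1, otherwise None."""
    if q < 2:
        return None
    # The smallest divisor >= 2 of q is prime; if none is <= sqrt(q), q is prime.
    p = next((d for d in range(2, isqrt(q) + 1) if q % d == 0), q)
    m = 0
    while q % p == 0:
        q //= p
        m += 1
    return (p, m) if q == 1 else None


def waterhouse_case(p, m, a):
    """Label of the Lemma 2 case allowing trace a over F_q, q = p**m, else None."""
    q = p ** m
    if a * a > 4 * q:                      # Hasse bound |a| <= 2*sqrt(q)
        return None
    if gcd(a, p) == 1:
        return "i"
    if m % 2 == 0:
        root = p ** (m // 2)               # sqrt(q)
        if abs(a) == 2 * root:
            return "ii"
        if abs(a) == root and p % 3 != 1:  # assumption: (iii) reads a = +-sqrt(q)
            return "iii"
        if a == 0 and p % 4 != 1:
            return "v"
    else:
        if p in (2, 3) and abs(a) == p ** ((m + 1) // 2):
            return "iv"
        if a == 0:
            return "vi"
    return None


def realizations(n, k):
    """List (q, a, case) for every prime power q over which Z_n x Z_{kn} occurs."""
    found = []
    bound = isqrt(4 * k)                   # |l| <= 2*sqrt(k)  <=>  l*l <= 4k
    for l in range(-bound, bound + 1):
        q = k * n * n + l * n + 1          # Lemma 1
        pp = prime_power(q)
        if pp is None:
            continue
        p, m = pp
        a = l * n + 2                      # a = q + 1 - k*n^2
        case = waterhouse_case(p, m, a)
        if case is None:
            continue
        # Lemma 3 with N = p^e * n1 * n2: q = 1 (mod n) means p does not divide n,
        # so n1 = n and n2 = k'n, where k' is k with its p-part removed.
        k_prime = k
        while k_prime % p == 0:
            k_prime //= p
        if case == "ii" and k_prime != 1:  # case (ii) needs n1 == n2
            continue
        found.append((q, a, case))         # otherwise n1 | q - 1 holds already
    return found


def missed_pairs(limit):
    """Pairs (n, k) with n, k <= limit that no prime power q realizes."""
    return [(n, k) for n in range(1, limit + 1) for k in range(1, limit + 1)
            if not realizations(n, k)]


if __name__ == "__main__":
    print(missed_pairs(25))
    print(realizations(15, 4), realizations(19, 1))
```

The pair (15, 4) is a useful check of the Lemma 3 step: both 29² and 31² lie in the admissible range for q, but each falls under case (ii) of Lemma 2, which only allows the group Z_30 × Z_30 and not Z_15 × Z_60.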

In Figure 1 we plot the counting function

of "missed" pairs $(n,k)$ with $\max\{n,k\} \le D$ for values of $D$ up to 37550.

We immediately derive from Corollary 13 that

$$\lim_{D \to \infty} f(D)/D = \infty,$$

but this statement seems weak in view of our computations.

In Figure 2 we plot the counting function

$$F(N,K) = NK - \#\mathcal{S}_\Pi(N,K)$$

of "missed" pairs $(n,k)$ with $n \le N$ and $k \le K$ for values of $N$ and $K$ up to 1000. For each fixed $N = N_0$ the function $G_{N_0}(K) = F(N_0, K)$ appears to be linear and increasing for modest values of $K$. Clearly, Corollary 13 implies that when $K = K_0$ is fixed then $H_{K_0}(N) = F(N, K_0) \sim K_0 N$ grows asymptotically linearly with the coefficient $K_0$.

We now give some heuristic arguments to predict the behavior of $F(N,K)$. We note that a pair $(n,k)$ contributes to $F(N,K)$ if $kn^2 + \ell n + 1$ is not a prime power for every $\ell$ such that $|\ell| \le 2k^{1/2}$ (and in some other exceptional cases). Following the standard heuristic, $kn^2 + \ell n + 1$ is a prime power with "probability" about

$$\rho(n,k,\ell) = \begin{cases} \dfrac{n}{\varphi(n)} \cdot \dfrac{1}{\log(kn^2 + \ell n + 1)} & \text{if } kn^2 + \ell n + 1 > 1, \\ 0 & \text{otherwise} \end{cases}$$

(where the ratio $n/\varphi(n)$ accounts for the fact that we seek prime powers in the arithmetic progression $1 \bmod n$). So $(n,k) \in [1,N] \times [1,K]$ contributes to $F(N,K)$ with "probability" about

$$\vartheta(n,k) = \prod_{|\ell| \le 2k^{1/2}} (1 - \rho(n,k,\ell)).$$

Figure 2: 3D plot of $F(N,K)$ for $N, K \le 1000$

Thus, we expect that $F(N,K)$ is close to

$$B(N,K) = \sum_{n \le N} \sum_{k \le K} \vartheta(n,k).$$

We have not studied the function $B(N,K)$ analytically, but we note that for any fixed $\varepsilon > 0$ we have


'(9(n, k) 



1 if ^ (logn)2-^, 
if ^ (logn)2+^ 



Thus, it seems reasonable to expect that 

,NK 

F{N,K) ^ B{N,K) 



UK ^ (logN) 



2-e 



o{NK) a K ^ {\ogNy+'. 
One can see on Figure 3 that the ratio

$$\beta(N,K) = \frac{F(N,K)}{B(N,K)}$$

seems to stabilise when $N$ and $K$ are large enough.

Figure 3: 3D plot of $\beta(N,K)$ for $N, K \le 1000$